-
Notifications
You must be signed in to change notification settings - Fork 5
/
a-tag-test.html
77 lines (74 loc) · 2.58 KB
/
a-tag-test.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<!--
@license
Copyright (c) 2017 The Polymer Project Authors. All rights reserved.
This code may only be used under the BSD style license found at
http://polymer.github.io/LICENSE.txt
The complete set of authors may be found at
http://polymer.github.io/AUTHORS.txt
The complete set of contributors may be found at
http://polymer.github.io/CONTRIBUTORS.txt
Code distributed by Google as part of the polymer project is also
subject to an additional IP rights grant found at
http://polymer.github.io/PATENTS.txt
-->
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<script>
function doInstall() {
security.polymer_resin.install({
'reportHandler': function (isViolation, formatString) {
'use strict';
var index = 1;
var args = arguments;
var message = formatString.replace(/%./g, function () { return args[++index]; });
// Squirrel away content where it is obvious when interactively debugging and
// the test code can get at it without complicating loading.
if (isViolation) {
document.getElementById('resin-reports').textContent += message + '\n';
}
security.polymer_resin.CONSOLE_LOGGING_REPORT_HANDLER.apply(null, args);
},
'safeTypesBridge': security.polymer_resin.closure_bridge.safeTypesBridge
});
}</script>
<script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
<script src="/components/web-component-tester/browser.js"></script>
<link rel="import" href="/components/polymer/polymer.html" />
<script src="resin-plus-bridge-for-test.js"></script>
<script>doInstall();</script>
<script src="a-tag-test.js"></script>
<title>A Tag Tests</title>
</head>
<body>
<pre id="resin-reports"></pre>
<dom-module id="items-to-check">
<template>
<ul>
<li><a id="a1" href="{{innocuousString}}">Innocuous Value</a></li>
<li><a id="a2" href="{{safeUrl}}">Safe Because of Runtime Type</a></li>
<li><a id="a3" href="{{evilPayload}}">JS URL of Unknown Provenance</a></li>
<li><a id="a4" href="javascript:safe()">Authored By Trusted Author</a></li>
</ul>
</template>
<script>
Polymer({
is: 'items-to-check',
properties: {
innocuousString: String,
safeUrl: String,
evilPayload: String
}
});
</script>
</dom-module>
<test-fixture id="a-tag-tests">
<template>
<items-to-check id="to-check"
innocuous-string="http://example.com/ok"
evil-payload="javascript:doEvil()" />
</template>
</test-fixture>
</body>
</html>